
Nexus 9K Secure Syslog not working

towabis772
Level 1

Hello everyone,

I've been trying to set up Secure Syslog for hours, but I can't get it to work. I tried following the NX-OS System Management Configuration Guide, but it doesn't really go in depth on the topic. This is what I did:

conf t

logging server IP ADDRESS secure use-vrf management

After that I generated a CA cert on my Syslog server, used it to create a self-signed certificate and added them to the Syslog config. The configuration looks OK on the server side, port 6514 is correctly open and listening.

This is where I'm getting lost. Following the Cisco Guide, I should just do this:

crypto ca trustpoint trustpoint-name

crypto ca authenticate trustpoint-name (adding the certificate from CA generated earlier)

The certificate authentication looks to be successful, but I still cannot see any TLS traffic coming from the switch. I would expect at least some sort of client hello, even if there were any misconfiguration, but I can't see anything.

Can anyone assist me with that? I couldn't find any documentation related to this for NX-OS. Forgive me for the bad formatting, I'm on mobile right now. I'll try to fix it ASAP.

4 Replies

r.heitmann
Level 1

Can you establish a TCP session to your secure syslog server?

For example, if

logging server <IP ADDRESS> secure use-vrf management

is configured, did you try

telnet <IP ADDRESS> 6514 vrf management

(avoid any further keys in your session, no return...)

With rsyslogd this works - looking at your Linux/syslogd

netstat -tn | egrep "6514"
tcp 0 0 <RSYSLOG-IP>:6514 <NEXUS-IP>:<random-client-port> ESTABLISHED

?
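One way to check on the syslog server what, if anything, the switch sends first on port 6514 (a TLS ClientHello, plaintext syslog, or nothing at all), as an added example that is not part of the original thread. The function names, the timeouts and the sample bytes in the comments are assumptions; rsyslogd has to be stopped while the script runs so it can bind the port.

```python
import socket

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a client sent on the secure-syslog port."""
    if not data:
        return "no-data"  # TCP connected but client stayed silent (e.g. idle telnet test)
    # TLS record header: type(1) version(2) length(2), then handshake message type(1).
    # 0x16 = handshake record, major version 3, message type 0x01 = ClientHello.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    if data[0] == 0x15 and len(data) >= 2 and data[1] == 0x03:
        return "tls-alert"  # peer aborted the handshake
    # Unencrypted syslog over TCP starts with "<PRI>" or an octet count (RFC 6587).
    if data[:1] == b"<" or data[:1].isdigit():
        return "plaintext-syslog"
    return "unknown"

def probe_once(host="0.0.0.0", port=6514, timeout=30.0):
    """Accept one connection and report (peer_ip, classification)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(1)
        srv.settimeout(timeout)
        try:
            conn, peer = srv.accept()
        except socket.timeout:
            # No SYN reached this host: look at routing, VRF or filtering first.
            return None, "no-tcp-connection"
        with conn:
            conn.settimeout(5.0)
            try:
                data = conn.recv(512)
            except socket.timeout:
                data = b""
            return peer[0], classify_first_bytes(data)

if __name__ == "__main__":
    peer, verdict = probe_once()
    print(f"peer={peer} verdict={verdict}")
```

A verdict of `no-tcp-connection` points at reachability between the switch and the server, while `no-data` or `plaintext-syslog` means the TCP path works and the client side is not starting TLS.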